#1 2024-09-27 13:48:37

phss_phss
Member
Registered: 2024-08-05
Posts: 6

Send Email

I have a function that sends email. When I compile the project for widows, the email is sent correctly. But when I compile for Linux, I come across the following error:

EOpenSslNetTls {LastError:1,OpenSsl:"1010117F",Message:"TOpenSslNetTls.AfterConnection connect: OpenSSL 1010117F error 1 [SSL_ERROR_SSL (error:1416F086:SSL routines:tls_process_serve r_certificate:certificate verify failed) (unable to get local issuer certificate #20)]"} [TAppRestHttpSrv8081v1THttpSrvRe] at 6ea87f 00000000129308CA EXC ENetSock {Message:"TCrtSocket.DoTlsAfter: TLS failed [EOpenSslNetTls TOpens 6c922f 

In the email sending settings, I set TLS to 1. Am I missing something?

Offline

#2 2024-09-27 15:47:53

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Send Email

Does have the smtp server a valid X.509 certificate, known by the client host?

Offline

#3 2024-09-27 19:12:05

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 90

Re: Send Email

ab wrote:

Does have the smtp server a valid X.509 certificate, known by the client host?

How I can verify this?
There are some other way to api server send email without this?
I i found this certificate how i configure it into mormot sendmail?
I fell me a newbie!

Last edited by mrbar2000 (2024-09-27 19:37:59)

Offline

#4 2024-09-27 19:47:21

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Offline

#5 2024-09-28 13:09:00

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 90

Re: Send Email

Thanks now works. Can u explain about this change? Or by default sendmail should be ignore certificate?

Offline

#6 2024-09-28 13:17:42

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Send Email

My guess is that on Windows, you did have the information about the SMTP server certificate into your system, whereas with OpenSSL, you did not.

But it seems unsafe that SendEmail() would always ignore the certificate.
I have added a new optional TLSIgnoreCertError parameter:
https://github.com/synopse/mORMot2/commit/08d5d660
Ensure you set TLSIgnoreCertError = true for your server.

Offline

#7 2024-09-28 13:23:08

phss_phss
Member
Registered: 2024-08-05
Posts: 6

Re: Send Email

It works! Thank you A.B!!

Offline

#8 2024-10-02 08:20:54

zen010101
Member
Registered: 2024-06-15
Posts: 66

Re: Send Email

In linux, `/etc/ssl/certs` stores trusted certificates, including CA's. But in Windows, I don't know how to make openssl work to verify the tls cert. Therefore, it is recommended to use SChannel as the TLS layer in Windows, and OpenSSL is preferred in Linux.

Offline

Board footer

Powered by FluxBB